Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks. The policy, provided by NIG, assists with and management of the incident itself, which can be essential when faced with reputational damage or regulatory enforcement.
As a business, you will rely on information technology (IT) infrastructure to some degree. As a result, you are exposed to the risks of business interruption, income loss, damage management and repair, and possibly reputational damage if IT equipment or systems fail or are interrupted (breached).
A UK Government survey* estimated that in 2015 74% of small to medium sized (SME) organisations suffered a cyber breach. The average cost of a cyber-security breach can be as much as £310,000 for an SME.
While existing insurance policies such as commercial property, business interruption or professional indemnity insurance, may provide some elements of cover against cyber risks, businesses are increasingly buying specialised cyber insurance policies to supplement their existing insurance arrangements, particularly if, like you, they hold:
If a company’s IT security is found to be inadequate and a breach occurs, the penalties can be high. Under EU regulations coming into force 25 May 2018, you will be required to notify your customers of a cyber security breach and could be fined up to 4% of your turnover**. In addition to potentially substantial fines it can also lead to a damaged reputation, legal costs and
associated business disruption and lost revenue. Will your customers trust you after a security breach?
Cyber Liability has become headline news following a number of high profile hacking cases which has led to a greater awareness of the risks and need for cover, but it’s not just the large corporates who are at risk.
As a managing agent you are likely to hold a lot of personal and sensitive data concerning your customers. The increasing use of online portals could give hackers access to sensitive information held about individual customer accounts. You can find out more about personal and sensitive data at the Information Commissioner’s Office. www.ico.org.uk
Deacon works with well-known insurers who offer competitive and comprehensive cyber insurance. This covers you against financial losses and third party liabilities up to the limits chosen arising from cyber attacks.
If you have any doubts or concerns over your cyber security or you suspect you might be a victim of cyber crime contact www.actionfraud.police.uk. ActionFraud is the UK’s national fraud and cyber crime reporting centre and provide advice on fraud and cyber crime. Other sites you may find helpful include www.getsafeonline.org and www.gov.uk/government/collections/cyber-security-guidance-for-business.
All organisations have something of value that is worth something to others. If you openly demonstrate weaknesses in your approach to cyber security by failing to do the basics, you may experience some form of cyber attack*. As part of your risk management process, you should be assessing whether you are likely to be the victim of a targeted or un-targeted attack. Every organisation connected to the Internet should assume they could be a victim of the latter. Either way, you should implement basic security controls consistently across your organisation, and where you may be specifically targeted, ensure you have a more in-depth, holistic approach to cyber security.
* Information Security Breaches Survey 2015, Department for Business, Innovation & Sills and MP Ed Vaizey
** For full terms and conditions please refer to the policy wording available on request. A broad range of cyber cover protection is offered and specialist advice at a time convenient to you. As with all insurance policies, the policy is subject to limits, conditions and exclusions. For full terms and conditions please refer to the policy wording available on request. This document does not purport to be comprehensive or to give legal advice. While every effort has been made to ensure accuracy, Deacon cannot be held liable for any errors, omissions or inaccuracies contained within the document. Readers are always recommended to take further professional advice before making any decisions. * From Common Cyber Attacks: Reducing the Impact, from the CESG The Information Security Arm of GCHQ https://www.ncsc.gov.uk/content/files/protected_files/guidance_files/common_cyber_attacks_2016.pdf